New Stuxnet Variant Allegedly Struck Iran

Malware similar in nature to Stuxnet, but more aggressive and sophisticated, allegedly hit infrastructure and strategic networks in Iran.

Details about the supposed new attack are scarce at the moment: nothing is known about the attack itself, the damage it caused or its targets.

Lightning striking twice in the same spot

A report on Wednesday from Israeli evening news bulletin Hadashot says that Iran "has admitted in the past few days that it is again facing a [Stuxnet-like] attack, from a more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks."

The Iranian Supreme Leader Ayatollah Ali Khamenei in a televised speech on Sunday said that the country's civil defenses should adapt to fight enemy infiltration via new threats.

On the same day, General Gholamreza Jalali, head of Iran's Passive Defense Organization, which is charged with combating sabotage activity, was quoted by the ISNA news agency as saying that the agency discovered and neutralized "a new generation of Stuxnet which consisted of several parts" that was trying to breach Iranian systems.

Stuxnet is believed to be the creation of the intelligence agencies in the US and Israel. It is an advanced toolset specifically tailored to target Siemens industrial control system equipment. More specifically, it reprogrammed the PLCs (programmable logic controllers) for centrifuges used in nuclear enrichment at various facilities in Iran.

Built for sabotage purposes, the malware was stealthy in its actions and made it look like the damage it caused to the centrifuges was, in fact, the result of an accidental malfunction of the equipment.

Stuxnet modifying the PLC

Considering the news coverage and the attention it received from several cybersecurity companies that analyzed its modules, Stuxnet is unlikely to re-emerge in a recognizable version. General Jalali could have been referring to malware with destructive modules that attempted to infiltrate and attack Iranian infrastructure.

More Iranian context

The Hadashot report was preceded by a communication about the Mossad intelligence agency stopping a murder plot targeting three Iranians in Denmark.

Before this, media outlets covered news about General Jalali saying that President Hassan Rouhani's mobile phone had to be replaced recently with a more secure variant because it had been tapped.

The source of the information was the ISNA news agency quoting the Iranian official on Monday.

The Passive Defense Organization’s Public Relations Department dismissed the news as false, stating that the information was taken out of context.

The agency clarified that General Jalali's remarks were a warning about the risk of interception in the case of unencrypted calls Iran's officials make when abroad.

“Recently, some media outlets have published remarks by Brigadier General Gholamreza Jalali which were taken out of context with regard to the president’s mobile phone being tapped, which is strongly denied,” the statement read.

Ionut Ilascu is freelancing as a technology writer with a focus on all things cybersecurity. The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger and Softpedia.